Re: further modifications to mod_auth_pam.c

On Tue, 6 May 1997, Michael K. Johnson wrote:
> No.  See vlock and xlock as examples of programs that have no need to
> run as root.  In particular, pam_pwdb has a way to verify even shadow
> passwords without the program being setuid.

Errm, really? Last I knew, Mr. Morgan and I had a lengthy discussion
about the changes to pwdb_chkpwd necessary to allow the web-server to
check shadow passwords and he asked me to make them, after which he would
look at it and consider inclusion into the official distribution. I did
not make the necessary changes yet, and therefore, unless I missed
something, Apache is not able to check shadow passwords unless the daemon
runs as a user privileged to look at the shadow password file.

btw, with respect to the changes to pwdb_chkpwd I originally suggested, I
now believe that a far easier way to do what's needed is to chgrp
/etc/shadow to some group and put the uid the server runs under into that
group. Mr. Morgan was right again, I presume...
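
An added example, not part of the original message or of mod_auth_pam: a shell check for the group-based setup suggested above, confirming that the hash file is group-readable, not world-readable, and that the server account is a member of the owning group. The function name, the `www` account and the temporary files standing in for /etc/shadow and /etc/group are assumptions made for the example.

```shell
#!/bin/sh
# check_shadow_access FILE GROUPFILE USER   (hypothetical helper)
#   FILE      password-hash file to audit (/etc/shadow on a real host)
#   GROUPFILE group database in /etc/group format
#   USER      account the web server runs as
# Prints one verdict and returns 0 only for "ok".
check_shadow_access() {
    csa_file=$1 csa_groups=$2 csa_user=$3
    # ls -lnd: field 1 is the mode string, field 4 the numeric group id
    csa_info=$(ls -lnd "$csa_file" | awk '{print $1, $4}')
    [ -n "$csa_info" ] || { echo unreadable; return 2; }
    csa_mode=${csa_info% *}
    csa_gid=${csa_info#* }
    case $csa_mode in
        ???????r*) echo world-readable; return 1 ;;  # "other" read bit set
    esac
    case $csa_mode in
        ????r*) ;;                                   # group read bit set
        *) echo group-cannot-read; return 1 ;;
    esac
    # Supplementary membership only: a primary group assigned in the
    # passwd database does not appear in the member list checked here.
    if awk -F: -v gid="$csa_gid" -v user="$csa_user" '
        $3 == gid { n = split($4, m, ",")
                    for (i = 1; i <= n; i++) if (m[i] == user) found = 1 }
        END { exit !found }' "$csa_groups"
    then echo ok; return 0
    else echo not-member; return 1
    fi
}

# Constructed demo: temp files stand in for /etc/shadow and /etc/group.
demo_dir=$(mktemp -d)
: > "$demo_dir/shadow"
chmod 640 "$demo_dir/shadow"
demo_gid=$(ls -lnd "$demo_dir/shadow" | awk '{print $4}')
printf 'shadow:x:%s:www\n' "$demo_gid" > "$demo_dir/group"
check_shadow_access "$demo_dir/shadow" "$demo_dir/group" www
rm -rf "$demo_dir"
```

With this layout every process running under the server's uid can read all password hashes, so the check is worth repeating after package upgrades that may reset the file's group or mode.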

